VMware to virtualize networks by combining vCloud networking and security with Nicira technology

Last week, at a Strategic Forum for Institutional Investors, VMware presented its strategy on the growing importance of the software-defined data center (SDDC) by saying the move from the physical to a software-defined architecture is a necessary step toward delivering the cloud. Through the software-defined data center, VMware said it would extend the benefits of virtualization to all areas of the data center: network, security, storage, and management.

As part of that vision, VMware revealed its intentions to merge the company’s homegrown vCloud Networking and Security (vCNS) product line with the technology that it acquired last year in the $1.26 billion acquisition of Nicira, an open source software-defined networking (SDN) startup. This new single-product family, dubbed VMware NSX, is based on a common technology foundation that works across multiple hypervisors and cloud management systems beyond those from VMware.

Currently dominating the enterprise server virtualization market, VMware appears to be turning its attention from the virtual data center to a much longer-term play within the hybrid and public cloud. Beyond server virtualization, there are other legs to the stool of a software-defined data center or a hybrid and public cloud that VMware would have to achieve — and one of those requirements is network virtualization.

Early on, VMware’s vSwitch in the ESX hypervisor did little more than connect the virtual server NIC to the physical NIC. To become relevant in a modern software-defined data center, VMware needed to improve network programmability and add higher-level features such as VLANs, firewalls, and load balancing, then provide gateways to allow virtual machines to easily move between clouds.
By combining the best of Nicira NVP and VMware vCloud Network and Security into a single unified platform, it sounds as though VMware NSX finally provides the company with the capabilities needed to fully address that challenge.

Hatem Naguib, Vice President of Networking & Security at VMware, states, “VMware NSX paves the way for enterprises to rapidly deploy networking and security for any application, on any general purpose hardware, non-disruptively, by enabling the fundamental abstraction of networks from networking hardware — creating the virtual network.”

Naguib goes on to describe VMware NSX as exposing “a complete suite of simplified logical networking elements and services including logical switches, routers, firewalls, load balancers, VPN, QoS, monitoring, and security; arranged in any topology with isolation and multi-tenancy through programmable APIs — deployed on top of any physical IP network fabric, resident with any compute hypervisor, connecting to any external network, and consumed by any cloud management platform (e.g. vCloud, OpenStack, CloudStack).”

To bring all of this together, the NSX platform is made up of five basic components: Controller Cluster, Hypervisor vSwitches, Gateways, Ecosystem partners, and NSX Manager. Described in further detail:

NSX Controller Cluster. Implemented as a cluster for both scalability and high availability, the NSX controller is responsible for the programmatic deployment of virtual networks across the entire architecture. It accepts API requests from northbound management platforms (vCloud, OpenStack), calculates the virtual network topology, and proactively programs the hypervisor vSwitches and Gateways with the appropriate real-time configuration and forwarding state.

Hypervisor Switch. Each hypervisor has a high-performance in-kernel vSwitch with a programmable L2-L4 data plane and configuration database.
The controller cluster programs each hypervisor vSwitch with a real-time configuration and forwarding state, to match the desired virtual network topology to which the virtual machines are attached.

Gateways. This provides scale-out Gateway services that connect virtual networks within VMware NSX to nonvirtual hosts, remote sites, and external networks. Gateway nodes provide a Gateway service, implementing the same programmable vSwitch as hypervisors, and managed by the controller cluster. VMware NSX Gateway services provide a secure path into and out of the software-defined data center. NSX Gateway nodes offer IP routing, MPLS, NAT, firewall, VPN, and load-balancing services for securing and controlling traffic at the north/south edge of one or more NSX virtual networks.

Ecosystem Partners. This offers an extensible platform that enables partners to register their services with the VMware NSX controller and seamlessly insert the respective capabilities into virtual networks. The use of open interfaces and open protocols allows an ecosystem of partners to easily integrate with VMware NSX using well-known interfaces based on widely used open source software.

NSX Manager. This provides the user with a Web-based GUI management dashboard to interact with the VMware NSX controller cluster API and is used for system setup, administration, and troubleshooting. A system administrator can view logs and the connectivity status of all VMware NSX components and virtual network elements (logical switches, logical routers, gateways, and so on).

VMware’s network virtualization announcement sounds like good news for the company. But its network transformation could negatively impact what members of its partner ecosystem, such as Cisco, F5 Networks, Riverbed and Vyatta, are already building. This latest announcement also puts VMware on a collision course with the OpenFlow ecosystem built by startup Big Switch, which offers its own controller software called Floodlight.
Big Switch open-sourced Floodlight in January in the hopes it could build an application ecosystem around the technology.

What happens next?

One thing is certain: Don’t look to implement VMware NSX in your environment any time soon because it isn’t yet available. VMware said the product is expected to launch in the second half of 2013, which seems to be another case where marketing is announced well ahead of the product’s release date. Doing so could be another way for VMware to try to freeze out the competition in this early-stage yet growing market. Consumers will have to wait and see exactly what date “second half of 2013” will translate into, whether the beginning, middle, or end. Perhaps it means sometime in 2014 before a broader delivery date can be realized.

In the meantime, expect VMware to continue to heavily promote this new product family and to continue to paint its bold vision. Obviously, the combination of the SDDC and VMware NSX product line will prove to be one of the major topics of discussion at this year’s VMworld 2013 conference in August.